ImageMagick-7.1.1.11-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13000 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ImageMagick-7.1.1.11-2.1 on GA media These are all security issues fixed in the ImageMagick-7.1.1.11-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13000 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13000 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-34474/ SUSE CVE CVE-2023-34474 page https://www.suse.com/security/cve/CVE-2023-34475/ SUSE CVE CVE-2023-34475 page openSUSE Tumbleweed ImageMagick-7.1.1.11-2.1 ImageMagick-config-7-SUSE-7.1.1.11-2.1 ImageMagick-config-7-upstream-7.1.1.11-2.1 ImageMagick-devel-7.1.1.11-2.1 ImageMagick-devel-32bit-7.1.1.11-2.1 ImageMagick-doc-7.1.1.11-2.1 ImageMagick-extra-7.1.1.11-2.1 libMagick++-7_Q16HDRI5-7.1.1.11-2.1 libMagick++-7_Q16HDRI5-32bit-7.1.1.11-2.1 libMagick++-devel-7.1.1.11-2.1 libMagick++-devel-32bit-7.1.1.11-2.1 libMagickCore-7_Q16HDRI10-7.1.1.11-2.1 libMagickCore-7_Q16HDRI10-32bit-7.1.1.11-2.1 libMagickWand-7_Q16HDRI10-7.1.1.11-2.1 libMagickWand-7_Q16HDRI10-32bit-7.1.1.11-2.1 perl-PerlMagick-7.1.1.11-2.1 ImageMagick-7.1.1.11-2.1 as a component of openSUSE Tumbleweed ImageMagick-config-7-SUSE-7.1.1.11-2.1 as a component of openSUSE Tumbleweed ImageMagick-config-7-upstream-7.1.1.11-2.1 as a component of openSUSE Tumbleweed ImageMagick-devel-7.1.1.11-2.1 as a component of openSUSE Tumbleweed ImageMagick-devel-32bit-7.1.1.11-2.1 as a component of openSUSE Tumbleweed ImageMagick-doc-7.1.1.11-2.1 as a component of openSUSE Tumbleweed ImageMagick-extra-7.1.1.11-2.1 as a component of openSUSE Tumbleweed libMagick++-7_Q16HDRI5-7.1.1.11-2.1 as a component of openSUSE Tumbleweed libMagick++-7_Q16HDRI5-32bit-7.1.1.11-2.1 as a component of openSUSE Tumbleweed libMagick++-devel-7.1.1.11-2.1 as a component of openSUSE Tumbleweed libMagick++-devel-32bit-7.1.1.11-2.1 as a component of openSUSE Tumbleweed libMagickCore-7_Q16HDRI10-7.1.1.11-2.1 as a component of openSUSE Tumbleweed libMagickCore-7_Q16HDRI10-32bit-7.1.1.11-2.1 as a component of openSUSE Tumbleweed libMagickWand-7_Q16HDRI10-7.1.1.11-2.1 as a component of openSUSE Tumbleweed libMagickWand-7_Q16HDRI10-32bit-7.1.1.11-2.1 as a component of openSUSE Tumbleweed perl-PerlMagick-7.1.1.11-2.1 as a component of openSUSE Tumbleweed A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. CVE-2023-34474 openSUSE Tumbleweed:ImageMagick-7.1.1.11-2.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.1.11-2.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.1.11-2.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.1.11-2.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.1.11-2.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.1.11-2.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.1.11-2.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.1.11-2.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.1.11-2.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.1.11-2.1 openSUSE Tumbleweed:libMagick++-devel-7.1.1.11-2.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.1.11-2.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.1.11-2.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.1.11-2.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.1.11-2.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.1.11-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-34474.html CVE-2023-34474 https://bugzilla.suse.com/1212237 SUSE Bug 1212237 A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service. CVE-2023-34475 openSUSE Tumbleweed:ImageMagick-7.1.1.11-2.1 openSUSE Tumbleweed:ImageMagick-config-7-SUSE-7.1.1.11-2.1 openSUSE Tumbleweed:ImageMagick-config-7-upstream-7.1.1.11-2.1 openSUSE Tumbleweed:ImageMagick-devel-32bit-7.1.1.11-2.1 openSUSE Tumbleweed:ImageMagick-devel-7.1.1.11-2.1 openSUSE Tumbleweed:ImageMagick-doc-7.1.1.11-2.1 openSUSE Tumbleweed:ImageMagick-extra-7.1.1.11-2.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-32bit-7.1.1.11-2.1 openSUSE Tumbleweed:libMagick++-7_Q16HDRI5-7.1.1.11-2.1 openSUSE Tumbleweed:libMagick++-devel-32bit-7.1.1.11-2.1 openSUSE Tumbleweed:libMagick++-devel-7.1.1.11-2.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-32bit-7.1.1.11-2.1 openSUSE Tumbleweed:libMagickCore-7_Q16HDRI10-7.1.1.11-2.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-32bit-7.1.1.11-2.1 openSUSE Tumbleweed:libMagickWand-7_Q16HDRI10-7.1.1.11-2.1 openSUSE Tumbleweed:perl-PerlMagick-7.1.1.11-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-34475.html CVE-2023-34475 https://bugzilla.suse.com/1212234 SUSE Bug 1212234